Lock in $30 Savings on PRO—Offer Ends Soon! ⏳

2000day in Safari

Avatar for Bo0oM Bo0oM
May 21, 2019
2
2.2k

2000day in Safari

Avatar for Bo0oM

Bo0oM

May 21, 2019
Tweet

More Decks by Bo0oM

See All by Bo0oM
Носок на сок
Avatar for Bo0oM bo0om
0
1.9k
Выйди и зайди нормально
Avatar for Bo0oM bo0om
0
87
Защита от вредоносной автоматизации сегодня
Avatar for Bo0oM bo0om
0
610
Defending against automatization using nginx
Avatar for Bo0oM bo0om
0
840
Antibot pitch deck
Avatar for Bo0oM bo0om
0
160
31337
Avatar for Bo0oM bo0om
0
200
Your back is white
Avatar for Bo0oM bo0om
0
370
FTP2RCE
Avatar for Bo0oM bo0om
1
7.6k
Interpret it!
Avatar for Bo0oM bo0om
0
1.2k

Featured

See All Featured
XXLCSS - How to scale CSS and keep your sanity
Avatar for Zaharenia Atzitzikaki sugarenia
249
1.3M
The Art of Programming - Codeland 2020
Avatar for Erika Heidi erikaheidi
56
14k
Rails Girls Zürich Keynote
Avatar for Gregor Martynus gr2m
95
14k
The Invisible Side of Design
Avatar for Vitaly Friedman smashingmag
302
51k
The World Runs on Bad Software
Avatar for Brandon Keepers bkeepers
PRO
72
12k
How to Think Like a Performance Engineer
Avatar for Harry Roberts csswizardry
28
2.4k
How GitHub (no longer) Works
Avatar for Zach Holman holman
316
140k
Build your cross-platform service in a week with App Engine
Avatar for Jose L jlugia
234
18k
Design and Strategy: How to Deal with People Who Don’t "Get" Design
Avatar for Morgane Peng morganepeng
132
19k
Intergalactic Javascript Robots from Outer Space
Avatar for Vicent Martí tanoku
273
27k
CoffeeScript is Beautiful & I Never Want to Write Plain JavaScript Again
Avatar for Sam Stephenson sstephenson
162
16k
I Don’t Have Time: Getting Over the Fear to Launch Your Podcast
Avatar for Joe Casabona jcasabona
34
2.6k

Transcript

  1. 2000-day in Safari Anton Lopanitsyn @i_bo0om

  2. phdays.com #PHDays XSS https://portswigger.net/web-security/cross-site-scripting

  3. phdays.com #PHDays UXSS https://evil.com https://victim.com

  4. phdays.com #PHDays Save as webpage, complete

  5. phdays.com #PHDays chrome://flags

  6. phdays.com #PHDays MHTML

  7. phdays.com #PHDays MHTML

  8. phdays.com #PHDays

  9. phdays.com #PHDays Safari save as webarchive

  10. phdays.com #PHDays Signed webarchive

  11. phdays.com #PHDays Plaintext webarchive

  12. phdays.com #PHDays Plaintext webarchive <script> … </script>

  13. phdays.com #PHDays Plaintext webarchive

  14. phdays.com #PHDays

  15. phdays.com #PHDays https://blog.rapid7.com/2013/04/25/abusing-safaris-webarchive-file-format/

  16. phdays.com #PHDays

  17. phdays.com #PHDays

  18. phdays.com #PHDays

  19. phdays.com #PHDays

  20. phdays.com #PHDays

  21. phdays.com #PHDays xhtml

  22. phdays.com #PHDays xhtml

  23. phdays.com #PHDays file:///Users/bo0om/Library/Containers/com.apple.mail/Data/Library/Mail%20 Downloads/2F4D2013-CCBF-4341-B05E-CEB4B76F30CE/Document.xhtm file:///Users/bo0om/Downloads/33h0ygug3ulny0gvwhh3d.webarchive

  24. phdays.com #PHDays

  25. phdays.com #PHDays file:///Users/bo0om/Library/Containers/com.apple.mail/Data/Downloads/x.webarchive file:///Users/bo0om/Library/Containers/com.apple.mail/Downloads/x.webarchive file:///Users/bo0om/Library/Containers/Downloads/x.webarchive file:///Users/bo0om/Library/Downloads/x.webarchive file:///Users/bo0om/Downloads/x.webarchive

  26. phdays.com #PHDays DEMO https://github.com/Bo0oM/Safari2000day)

  27. Thank you!